Sync local AD passwords to Office 365?

I am reading through a lot of information about Office 365 and AD password sync/dirsync, etc. and getting a tad confused as to the best path to take.

I am looking for the simplest way to have my local AD passwords get synced with Office 365 accounts. I don't care about 2 way sync, just something simple to take my AD passwords and have them overwrite the Office 365 passwords.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cliff GaliherCommented:
There is one (and only one) way to do that. Dirsync.
mvalpredaAuthor Commented:
Will Dirsync allow me to choose what I want to sync? Do I need to set up AD FS?
Cliff GaliherCommented:
Dirsync syncs all of the object types and attributes it supports. There is no selective syncing. ADFS does not sync at all. It is a different set of tools to address different scenarios... mainly true single sign-on scenarios when it comes to O365.
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

mvalpredaAuthor Commented:
If I have a bunch of old user objects in will it process those? Or just skip them if the UPN doesn't match anything at O365?
Cliff GaliherCommented:
They will get synced like everything else. Dirsync does not activate any licenses. It is still up to you to do that. You'll just see a bunch of inactive accounts in O365 after the first sync. It is best to clean up AD before dirsync if you have a bunch of objects not in use.
mvalpredaAuthor Commented:
If I sync and then clean up AD, will it delete those inactive accounts from O365?

Is it best to have the UPN set up on all my accounts to match email addresses in O365?
Cliff GaliherCommented:
If you are going to run DirSync, you need to understand how it runs and how to administer it. Read the documentation. Truly. All these questions are answered in there and running it without reading about it is a great way to get yourself in trouble. It is a lot more efficient than playing whack-a-mole with all these questions.
Vasil Michev (MVP)Commented:
You can configure filtering for dirsync, so that only select object are synced to O365:

Here's also comparison between using dirsync with password sync and AD FS:

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
There are four viable options

1.  use Dir Sync with password sync

2. Use ADFS which will federate your domain to the cloud

3. user power shell and set all your user passwords to never change:
Connect-MsolService -cred $cred
Get-MSOLUser | Set-MsolUser -PasswordNeverExpires $true

4. Use a third party tool like:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Office 365

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.